Mariadb

MariaDB patched CVE-2026-35549 on April 3, 2026. Seven weeks later, the fixed packages haven’t landed in the official repositories of RHEL 8, 9, and 10, Ubuntu LTS releases, or CentOS 8. If you’re running distro-packaged MariaDB and have the caching_sha2_password authentication plugin in use, your database server can be crashed by any authenticated user with a single oversized packet. What the Bug Is The vulnerability lives in the caching_sha2_password authentication plugin — MariaDB’s compatibility layer for the plugin MySQL 8.0 made default. When processing an authentication request, the plugin calls sha256_crypt_r, which allocates memory via alloca(). Unlike malloc(), alloca() grabs memory directly from the stack with no size check whatsoever. Feed it a packet that’s large enough, and the function attempts to allocate more stack space than exists, causing the server process to crash immediately. ...

A heap buffer overflow in MariaDB’s JSON_SCHEMA_VALID() function went unnoticed for years — until AI-assisted code analysis flagged it earlier this year. The flaw, now tracked as CVE-2026-32710, was disclosed on March 19, 2026, and patches landed the same day. If your server runs MariaDB 11.4.x or 11.8.x and you haven’t applied the update yet, this is the one to prioritise this week. What the Bug Actually Does The problem lives in json_get_normalized_string() inside sql/json_schema_helper.cc. The function allocates a fixed 128-byte heap buffer and then copies a JSON string value into it using strncpy — without first checking whether the value fits. If an attacker crafts a JSON schema with a string field longer than that buffer, the heap overflows. ...